United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
I nilid Stall-, l'atint and Trademark Office 

Address: COMMISSIONER FOR PATENTS 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



I0/7K5.5K4 



02/24/200-1 



David Lee Motsinger 



25297 7590 09/23/2008 

JENKINS, WILSON, TAYLOR & HUNT, P. A. 
Suite 1200 UNIVERSITY TOWER 
3100 TOWER BLVD., 
DURHAM, NC 27707 



KANE, CORDELIA P 



PAPER NUMBER 



DELIVERY MODE 



Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 



l/ffflrC? nVrliUli Otfff Iff ids y 


Application No. 

10/785,584 


Applicant(s) 

MOTSINGER ET AL. 


Examiner 

CORDELIA KANE 


Art Unit 

2132 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 12 August 2008 . 
2a )□ This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) See Continuation Sheet is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) EI Claim(s) 30-33.37-40.44. 72-75. 79-82.86.93-96.99-102.105. 1 1 1-115. 119-123. 127 and 135-150 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) ^| Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) Information Disclosure Statement(s) (PTO/SB/08) 5 ) □ Notice of Informal Patent Application 
Paper No(s)/Mail Date 8/12/08 . 6) □ Other: . 



PTOL-T26 d (Rev e 08-06r 



Office Action Summary 



Part of Paper No./Mail Date 20080918 



Continuation Sheet (PTOL-326) Application No. 10/785,584 

Continuation of Disposition of Claims: Claims pending in the application are 30-33,37-40,44,72-75,79-82,86,93-96,99- 
102,105,111-115,119-123,127 and 135-150. 



2 



Application/Control Number: 10/785,584 Page 2 

Art Unit: 2132 

DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on August 
12, 2008 has been entered. 

Response to Arguments 

2. Applicant's arguments with respect to claims 30 - 33, 37 - 40, 44, 72 - 75, 79 - 
82,86,93-96,99-102, 105, 111 -115, 119-123, 127, and 135-150 have been 
considered but are moot in view of the new grounds of rejection. 

Information Disclosure Statement 

3. The information disclosure statement (IDS) submitted on August 12, 2008 was 
filed after the mailing date of the Final office action on February 13, 2008. The 
submission is in compliance with the provisions of 37 CFR 1 .97. Accordingly, the 
information disclosure statement is being considered by the examiner. 

4. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 
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Claim Rejections - 35 USC § 103 

5. Claims 30-33, 37-40, 44, 136 and 138 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Guthrie, and further in view of Sherlock et al's US Publication 
2002/0093527 A1 . 

6. Referring to claims 30, 37 and 44, Guthrie teaches: 

a. Determining if the user login was a success or failure (column 7, lines 39- 
45). 

b. Capturing communication data communicated in a network connecting a 
server application and a client (column 13, lines 46-48). 

c. Monitoring user login failures between the server application and the client 
during a predetermined time (column 8, lines 10-12). 

d. Detecting whether the number of user login failures (column 8, lines 10- 
12) exceeds a predetermined number(column 8, lines 37-40). 

7. Guthrie does not explicitly disclose logging the information without accessing or 
modifying the server application or the client and without affecting normal flow of 
network traffic. However, Sherlock discloses listening on a network and logging the 
events (page 2, paragraphs 41 ). Guthrie and Sherlock are analogous art because they 
are from the same field of endeavor, network security. At the time of the invention, it 
would have been obvious to one of ordinary skill in the art, having the teachings of 
Guthrie and Sherlock before him or her, to modify the system of Guthrie to include the 
transparent monitoring of Sherlock. The suggestion/motivation for doing so would have 
been it would be advantageous to provide a technique for transmitting event description 
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of network traffic from a source file or a data stream to a target destination such as a 
network policy engine (page 2, paragraph 40). 

8. Referring to claims 31 and 38, Guthrie teaches that the network may be a local 
area network (column 5, lines 4-5). 

9. Referring to claims 136 and 138, Guthrie teaches that the communications data 
contains a session identifier that identifies a session established between the server 
and the client, wherein monitoring includes identifying communication data containing 
the session identifier (column 13, lines 49-50). 

10. Referring to claims 32, 33, 39, and 40, Sherlock teaches communicating using 
HTTP connections (page 4, Table A). 

1 1 . Claims 72 - 75, 79 - 82 ,86, 140 and 142 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Royer, and further in view of Sherlock. 

12. Referring to claims 72, 79 and 86, Royer teaches: 

e. Capturing communication data of a login session communicated in a 
network connecting a server application and a client (pages 6-7, paragraph 67) 

f. Monitoring user logoff between the server application and the client based 
on the captured communication data (page 7, paragraph 69). 

g. Monitoring automatic session expiration between the server application 
and the client based on the captured communication data (pages 6-7, paragraph 
67). 
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h. Determining whether the client completes logoff before the session 
automatically expires (page 7, paragraph 69). 

1 3. Royer does not explicitly disclose logging the information without accessing or 
modifying the server application or the client and without affecting normal flow of 
network traffic. However, Sherlock discloses listening on a network and logging the 
events (page 2, paragraphs 41 ). Royer and Sherlock are analogous art because they 
are from the same field of endeavor, network security. At the time of the invention, it 
would have been obvious to one of ordinary skill in the art, having the teachings of 
Royer and Sherlock before him or her, to modify the system of Royer to include the 
transparent monitoring of Sherlock. The suggestion/motivation for doing so would have 
been it would be advantageous to provide a technique for transmitting event description 
of network traffic from a source file or a data stream to a target destination such as a 
network policy engine (page 2, paragraph 40). 

14. Referring to claims 73, and 80, Royer teaches that the network can be a Wide 
Area Network or a Local area network (page 4, paragraph 34). 

1 5. Referring to claims 74 and 81 , Royer teaches that the information may be passed 
using Hypertext Transmission Protocol (page 2, paragraph 23). 

16. Referring to claims 75 and 82, Royer teaches that HTTP may be the 
communication method (page 2, paragraph 23). It is inherent that this would involve 
both HTTP requests and responses. 

17. Referring to claims 140 and 142, Royer teaches that the communications data 
contains a session identifier that identifies a session established between the server 
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and the client, wherein monitoring includes identifying communication data containing 
the session identifier (page 7, paragraph 68). 

18. Claims 93 -96, 99-102, 105, 1 1 1 - 1 15, 1 19 - 123, 127, 144, 146, 148, and 
150 are rejected under 35 U.S.C. 103(a) as being unpatentable over Rowland, and 
further in view of Sherlock. 

19. Referring to claims 93, 99 and 105, Rowland teaches: 

i. Capturing communication data communicated in a network connecting a 
server application and at least one client, wherein the captured communication 
data is associated with first and second user login sessions for first and second 
users, respectively, of the server application (column 5, lines 21-30). 
j. Monitoring the captured communication data associated with the first and 
second user login sessions (column 5, lines 27-30). 

k. Determining whether the second user login session occurs during the first 
user login session when the user of the first and second login session are 
identical (column 5, lines 10-11). 

20. Rowland does not explicitly disclose logging the information without accessing or 
modifying the server application or the client and without affecting normal flow of 
network traffic. However, Sherlock discloses listening on a network and logging the 
events (page 2, paragraphs 41). Rowland and Sherlock are analogous art because they 
are from the same field of endeavor, network security. At the time of the invention, it 
would have been obvious to one of ordinary skill in the art, having the teachings of 
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Rowland and Sherlock before him or her, to modify the system of Rowland to include 
the transparent monitoring of Sherlock. The suggestion/motivation for doing so would 
have been it would be advantageous to provide a technique for transmitting event 
description of network traffic from a source file or a data stream to a target destination 
such as a network policy engine (page 2, paragraph 40). 

21 . Referring to claims 94 and 100, Rowland teaches notifying the controller if 
abnormal activity is detected (column 3, lines 44-46). 

22. Referring to claims 95 and 1 01 , Rowland teaches that the information transfer 
takes place over a network (column 2, line 64). Rowland also teaches intrusion into 
(corresponding to the recited login) different network environments (column 1 , lines 11- 
20). 

23. Referring to claims 96 and 102, Rowland teaches that the users have File 
Transfer Protocol services, Simple Mail Transfer Protocol services and HTTP services 
(column 6, lines 31-35). 

24. Referring to claims 111, 119, and 127, Rowland teaches: 

I. Designating a first login time for a client as a disallowed login time 
(column 4, lines 55-56). It is inherent from determining the allowed hours that the 
disallowed hours are also known. 

m. Determining a second login time for the client in communication data with 
a server application based on communication data captured from a network 
connecting the server application and the client (column 5, lines 21-30). 
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n. Determining whether the second login time matches the first login time 
(column 5, lines 28-30). 

o. If the first and second login times match, indicating that the client in data 
communication with the server application is logging in at a disallowed login time 
(column 5, liens 28-30). 

25. Rowland does not explicitly disclose logging the information without accessing or 
modifying the server application or the client and without affecting normal flow of 
network traffic. However, Sherlock discloses listening on a network and logging the 
events (page 2, paragraphs 41). Rowland and Sherlock are analogous art because they 
are from the same field of endeavor, network security. At the time of the invention, it 
would have been obvious to one of ordinary skill in the art, having the teachings of 
Rowland and Sherlock before him or her, to modify the system of Rowland to include 
the transparent monitoring of Sherlock. The suggestion/motivation for doing so would 
have been it would be advantageous to provide a technique for transmitting event 
description of network traffic from a source file or a data stream to a target destination 
such as a network policy engine (page 2, paragraph 40). 

26. Referring to claims 112 and 120, Rowland teaches notifying, or alerting the 
controller if the user is logged on at a disallowed time (column 5, lines 28-30). 

27. Referring to claims 113, and 121 , Rowland teaches that the information transfer 
takes place over a network (column 2, line 64). He also teaches that this invention is to 
solve a problem with connectivity in intranet environments (column 1, lines 11-12). 
Intranet inherently includes a local area network. 
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28. Referring to claims 114, and 122, Rowland teaches that the users have File 
Transfer Protocol services, Simple Mail Transfer Protocol services and HTTP services 
(column 6, lines 31-35). 

29. Referring to claims 1 1 5 and 1 23, Rowland teaches that the users are equipped to 
handle HTTP requests (column 6, line 35). 

30. Referring to claims 144, 146, 148, and 150, Rowland teaches that the 
communications data contains a session identifier that identifies a session established 
between the server and the client, wherein monitoring includes identifying 
communication data containing the session identifier (column 4, lines 52-53). 

31 . Claims 1 35 and 1 37 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Guthrie in view of Sherlock, and further in view of Nemovicher. Guthrie in view of 
Sherlock discloses all the limitations of the parent claims. Guthrie in view of Sherlock 
does not explicitly disclose making a copy of the communications data. However, 
Nemovicher discloses creating a backup and archive storage to preserve data from the 
LAN (page 4, paragraph 45). Guthrie in view of Sherlock and Nemovicher are 
analogous art because they are from the same field of endeavor, user security. At the 
time of the invention, it would have been obvious to one of ordinary skill in the art, 
having the teachings of Guthrie in view of Sherlock and Nemovicher before him or her, 
to modify the system of Guthrie in view of Sherlock to include the backup of 
Nemovicher. The suggestion/motivation for doing so would have been to preserve data 
from the LAN (page 4, paragraph 45). 
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32. Claims 139 and 141 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Royer in view of Sherlock, and further in view of Nemovicher. Royer in view of 
Sherlock discloses all the limitations of the parent claims. Royer in view of Sherlock 
does not explicitly disclose making a copy of the communications data. However, 
Nemovicher discloses creating a backup and archive storage to preserve data from the 
LAN (page 4, paragraph 45). Royer in view of Sherlock and Nemovicher are analogous 
art because they are from the same field of endeavor, user security. At the time of the 
invention, it would have been obvious to one of ordinary skill in the art, having the 
teachings of Royer in view of Sherlock and Nemovicher before him or her, to modify the 
system of Royer in view of Sherlock to include the backup of Nemovicher. The 
suggestion/motivation for doing so would have been to preserve data from the LAN 
(page 4, paragraph 45). 

33. Claims 143, 145, 147, and 149 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Rowland in view of Sherlock, and further in view of Nemovicher. 
Rowland in view of Sherlock discloses all the limitations of the parent claims. Rowland 
in view of Sherlock does not explicitly disclose making a copy of the communications 
data. However, Nemovicher discloses creating a backup and archive storage to 
preserve data from the LAN (page 4, paragraph 45). Rowland in view of Sherlock and 
Nemovicher are analogous art because they are from the same field of endeavor, user 
security. At the time of the invention, it would have been obvious to one of ordinary skill 
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in the art, having the teachings of Rowland in view of Sherlock and Nemovicher before 
him or her, to modify the system of Rowland in view of Sherlock to include the backup of 
Nemovicher. The suggestion/motivation for doing so would have been to preserve data 
from the LAN (page 4, paragraph 45). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CORDELIA KANE whose telephone number is 
(571 )272-7771 . The examiner can normally be reached on Monday - Thursday 8:00 - 
5:00 EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. 



/C. K.I 

Examiner, Art Unit 2132 
/Gilberto Barron Jr/ 

Supervisory Patent Examiner, Art Unit 2132 



